Educause Security Discussion mailing list archives
Re: DNSSEC & the .EDU domain
From: "Memisyazici, Aras" <arasm () VT EDU>
Date: Mon, 18 Aug 2008 02:32:03 -0400
Well who is going to pay for the staff and systems to do the signing?
Open-Source it to EDU only and make sure team members are 'yay' high. i.e. Certifications, degree(s), experience etc etc. The Google Summer of Code project proved that there are plenty of good eager programmers out there that want to make a name for themselves... As far as HW goes... SCHEV funding maybe? Donations? Shared Pool (i.e. Want to use DNSSEC? Donate HW or money) *shrug*
How much is required for the number of zones in the .edu domain space?
How much what? Money? See above if so...
How long does it take?
Depends on how efficient the system is designed and operated...
Who holds the keys?
Current admins of the .edu domain have not done anything wrong to betray my trust personally :)
What are the methodologies
for requesting a zone signing or resigning? Somewhere between PCI and SSL strictness as far as scrutiny goes...
Do we allow anyone to
login to a webpage to get their zone signed? See above :)
What happens when a
university password is used to get xyzzy.edu moved to servers in middle snorbtzia? Whatever happens when an SSL cert gets stolen! *clutch hair & scream circle in panic etc* :p j/k of course... Revoke the cert, revert the move, re-sign, ensure "good passphrases" are being utilized, ensure certain password safety security measures and move on! Put measures in place to ensure last 2 are enforced... *hint PCI-level hint*
Who pays for, writes, and completes the software for
the extra confirmations? See first answer... In the end, we are an educational organization ppl... No need to make this any more bigger/meaner/complex'er than it needs to be... OS it, trust the 'right ppl', and move on :) Sincerely, Aras 'Russ' Memisyazici Systems Administrator Office of the Vice President of Research Virginia Tech
Current thread:
- DNSSEC & the .EDU domain John Center (Aug 14)
- <Possible follow-ups>
- Re: DNSSEC & the .EDU domain Lawrence, Gabriel (Aug 14)
- Re: DNSSEC & the .EDU domain Memisyazici, Aras (Aug 14)
- Re: DNSSEC & the .EDU domain Brad Miller (Aug 15)
- Re: DNSSEC & the .EDU domain Rodney Petersen (Aug 17)
- Re: DNSSEC & the .EDU domain David L. Wasley (Aug 17)
- Re: DNSSEC & the .EDU domain Stephen John Smoogen (Aug 17)
- Re: DNSSEC & the .EDU domain Memisyazici, Aras (Aug 17)
- Re: DNSSEC & the .EDU domain Stephen John Smoogen (Aug 18)
- Re: DNSSEC & the .EDU domain Valdis Kletnieks (Aug 18)
- Re: DNSSEC & the .EDU domain Curt Wilson (Aug 18)
- Re: DNSSEC & the .EDU domain Shumon Huque (Aug 18)